package com.design3.graduatethesissys.configure;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

import com.design3.graduatethesissys.service.impl.UserServiceImpl;

/** 
* @author 作者 罗穆健: 
* @version 创建时间：2020年1月4日 下午9:27:39 
* 类说明 
*/
@Configuration
//@EnableConfigurationProperties(SecurityProperties.class)
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{

    @Autowired
    private MyFilterSecurityInterceptor myFilterSecurityInterceptor;
	

    @Autowired
    private MyAuthenticationProvider myAuthenticationProvider;
    
    @Autowired
    private MyAuthenticationSuccessHandler myAuthenticationSuccessHandler;
    @Autowired
    private MyAuthenticationFailHander myAuthenticationFailHander;
    @Autowired
    private UrlAccessDeniedHandler accessDeniedHandler;
 
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    	auth.authenticationProvider(myAuthenticationProvider);

//        auth
//        .inMemoryAuthentication()
//            .withUser("admin").password("123456").roles("USER")
//            .and()
//			.withUser("test").password("test123").roles("ADMIN");
    }

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http
			.authorizeRequests()
			.antMatchers("/js/**", "/css/**", "/images/**", "/common/**", "/public/**", "/favicon.ico", "/webjars/**", "/Login","/Login-error")
			.permitAll() // 匿名可以访问	
//			.antMatchers("/adnim/**").hasRole("ADMIN")
//			.antMatchers("/Student/**").hasRole("STUDENT")
//			.antMatchers("/Teacher/**").hasRole("TEACHER")
			.anyRequest()
			.authenticated()
			.and()
			.headers().frameOptions().disable()// 不拦截iframe
			.and()
			.formLogin()
			.loginPage("/Login")
			.loginProcessingUrl("/design")
			.failureUrl("/Login-error")
			.successHandler(myAuthenticationSuccessHandler)
            .failureHandler(myAuthenticationFailHander)
            .and().logout().logoutUrl("/logout").logoutSuccessUrl("/Login")
			.and()
			.csrf()
			.disable()
//			.and()
//            .headers()
//            .frameOptions().sameOrigin(); ; //注销行为任意访问
		;
		http.addFilterBefore(myFilterSecurityInterceptor, FilterSecurityInterceptor.class);
		http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
		http.sessionManagement().maximumSessions(1).expiredUrl("/Login");
	}
	
}
 